Update Account

The update account authentication action updates an account during the authentication process. This action applies a sequence of update operations, defined on the configuration, on an account managed by an account manager, also defined via configuration.

The updated account is the one whose username string matches the subject string in current authentication attributes, i.e., the authentication attributes provided to the action. If no such account exists, the update account action returns a failure result and the authentication process ends with that failure.

This update account action supports three different operations:

  • Adding an account attribute using a value retrieved from the action’s subject attributes, context attributes, or action attributes.
  • Replacing an account attribute using a value retrieved from the action’s subject attributes, context attributes, or action attributes.
  • Removing an account attribute given an attribute path.

The addition and replacement operation behavior is the same as the one defined for the AttributeUpdate SDK class.

Configuration

The following configuration options are available

Configuration Mandatory Description
account-manager yes Where the account should be updated.
operation yes One or more entries defining an update mutation on the account.
operation/name yes An unique name for the operation.
operation/add-attribute no Defines an addition operation.
operation/replace-attribute no Defines a replacement operation.
operation/delete-attribute no Defines a deletion operation.

An addition operation has the following configuration settings.

Configuration Mandatory Description
operation/add-attribute/source-attribute-path yes Defines the path of the attribute containing the value to use on the addition.
operation/add-attribute/source-attribute-location no Defines the location of the attribute containing the value to use on the addition (subject attributes, context attributes, or action attributes). Default location is the action attributes.
operation/add-attribute/target-attribute-path yes Defines the path of the account attribute to add.
operation/add-attribute/convert-to-multi-value no If present, the source attribuve value is wrapped inside a multi-valued value.
operation/add-attribute/convert-to-multi-value/primary no Defines if the multi-valued value is the primary value.
operation/add-attribute/source-attribute-is-required no If enabled, the action will fail if the source attribute is not found, otherwise the operation is ignored (default behavior).

A replacement operation has the following configuration settings.

Configuration Mandatory Description
operation/replace-attribute/source-attribute-path yes Defines the path of the attribute containing the value to use on the replacement.
operation/replace-attribute/source-attribute-location no Defines the location of the attribute containing the value to use on the replacement (subject attributes, context attributes, or action attributes). Default location is the action attributes.
operation/replace-attribute/target-attribute-path yes Defines the path of the account attribute to replace.
operation/replace-attribute/convert-to-multi-value no If present, the source attribuve value is wrapped inside a multi-valued value.
operation/replace-attribute/convert-to-multi-value/primary no Defines if the multi-valued value is the primary value.
operation/replace-attribute/source-attribute-is-required no If enabled, the action will fail if the source attribute is not found, otherwise the operation is ignored (default behavior).

A delete operation has the following configuration settings.

Configuration Mandatory Description
operation/delete-attribute/target-attribute-path yes Defines the path of the account attribute to delete.